Hallo Ihr Lieben,
wieder einmal habe ich Probleme mit Let's Encrypt und einer Subdomain. Die DNS-Einträge sind richtig. Wenn ich certbot-auto renew aufrufe, erhalte ich folgende Fehler:
bei certbot-auto certonly funktioniert es allerdings:
Was läuft das falsch? Das Problem ist mir erst nach dem Update auf Debian Buster aufgefallen. Ich hoffe, Ihr könnt mir helfen.
Liebe Grüße
Thomas
wieder einmal habe ich Probleme mit Let's Encrypt und einer Subdomain. Die DNS-Einträge sind richtig. Wenn ich certbot-auto renew aufrufe, erhalte ich folgende Fehler:
Code:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mustermann.subdomain.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mustermann.subdomain.de
http-01 challenge for www.mustermann.subdomain.de
Waiting for verification...
Challenge failed for domain www.mustermann.subdomain.de
Challenge failed for domain mustermann.subdomain.de
http-01 challenge for www.mustermann.subdomain.de
http-01 challenge for mustermann.subdomain.de
Cleaning up challenges
Attempting to renew cert (mustermann.subdomain.de) from /etc/letsencry
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mustermann.subdomain.de/fullchain.pem (failure )
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mustermann.subdomain.de
Type: unauthorized
Detail: Invalid response from
https://mustermann.subdomain.de/.well-known/acme-challenge/FJI_JZBk PokJeGJI9mL0_6ong7AncPyfMfNq1iFhvHE
[37.221.192.201]: "\n\n\n\t<!DOCTYPE html>\n\t<html
xmlns=\"http://www.w3.org/1999/xhtml\" dir=\"ltr\"
lang=\"de\">\n\t\t\n\t\t\t<head>\n\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t<!--\n\t\ t\t\n\t\t\t\t"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: www.mustermann.subdomain.de
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
www.mustermann.subdomain.de - check that a DNS record
exists for this domain
bei certbot-auto certonly funktioniert es allerdings:
Code:
root@server:~# certbot-auto certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Nginx Web Server plugin (nginx)
3: Spin up a temporary webserver (standalone)
4: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-4] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): mustermann.subdomain.de
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/mustermann.subdomain.de-0001.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mustermann.subdomain.de
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mustermann.subdomain.de-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mustermann.subdomain.de-0001/privkey.pem
Your cert will expire on 2020-08-31. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Was läuft das falsch? Das Problem ist mir erst nach dem Update auf Debian Buster aufgefallen. Ich hoffe, Ihr könnt mir helfen.
Liebe Grüße
Thomas
Zuletzt bearbeitet: